Skip to content

Package signing & detection/verification

Due by January 31, 2020 0% complete

Security work funded by a gift from Facebook https://pyfound.blogspot.com/2018/12/upcoming-pypi-improvements-for-2019.html .... (1) Cryptographic signing and verification of artifacts (PEP 458/TUF or similar) (2) Automated detection of malicious uploads (3) Further work on API tokens + multi-factor authentication, should the need arise (4) UI design aroun…

Security work funded by a gift from Facebook https://pyfound.blogspot.com/2018/12/upcoming-pypi-improvements-for-2019.html .... (1) Cryptographic signing and verification of artifacts (PEP 458/TUF or similar) (2) Automated detection of malicious uploads (3) Further work on API tokens + multi-factor authentication, should the need arise (4) UI design around new features mentioned above (5) User adoption planning/design (6) Documentation. PSF plans to do this work in the second half of 2019.

You can’t perform that action at this time.